Red Team Handcuffs

Microsoft Red Teams try and emulate attackers as much as possible with how we do our activities, aiming to provide our respective Blue Teams with an adversary that emulates a real attacker well enough to earn a name on our periodic table. For the most part this is achievable, however there are some tactics and techniques that attackers can do (and do use) that CDG SERPENT has challenges emulating. We will share what these attacks and challenges are, how we work around them, and what we are considering doing for the future. This will cover items like: - Supply chain attacks that include a third-party compromise - Compromises where the blast radius cannot be controlled - Product compromises that would reach public consumers - Attacks that would cause an extended service outage - Etc. This talk will offer specific examples of each type of attack that we wanted to do from the public space and how we replicated (or attempted to replicate) that attack internally. We will explain our thought process, how we made decisions, and what trade-offs we had to accept in the end to achieve our goals. Caleb McGary Senior Software Security Engineer, Microsoft I\'m a member of the SERPENT Red Team at Microsoft servicing EDG (Edge, Devices, and Gaming). I enjoy coding, astronomy, and building new things.